The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.0.13 via the 'family' parameter. This makes it possible for authenticated attackers, with editor-level access and above, to delete arbitrary directories on the server, which can result in loss of data and availability.
Metrics
Affected Vendors & Products
References
History
Fri, 17 Jul 2026 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Themeum
Themeum kirki – Freeform Page Builder, Website Builder & Customizer Wordpress Wordpress wordpress |
|
| Vendors & Products |
Themeum
Themeum kirki – Freeform Page Builder, Website Builder & Customizer Wordpress Wordpress wordpress |
Fri, 17 Jul 2026 05:00:00 +0000
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-17T03:43:40.514Z
Reserved: 2026-07-10T20:01:36.121Z
Link: CVE-2026-15457
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T06:30:11Z